(54) Data copyright management system and apparatus

(57) There are provided a digital content management apparatus which
further embodies a digital content management apparatus used with a
user terminal, and a system which protects the secrets of a digital
content. The system and the apparatus are a real time operating system
using a micro-kernel, which is incorporated in the digital content
management apparatus as an interruption process having high priority,
or is arranged in a network system using the digital content. When a
user uses the digital content, whether there is an illegitimate usage
or not is watched by interrupting the usage process. In the case where
illegitimate usage is carried out, a warning is given or the usage is
stopped. The decryption/re-encryption functions of the digital content
management apparatus having the decryption/re-encryption functions are
not restricted to the inside of the user apparatus. By providing the
decryption/re-encryption functions between the networks, the exchange
of secret information between different networks is secured. By using
this apparatus for converting a crypt algorithm, information exchange
is made possible between systems which adopt different algorithms.

Description

BACKGROUND OF THE INVENTION

Field of the Invention

The present invention relates to a system for managing digital content,
specifically for managing a copyright of digital content claiming the
copyright and for securing secrecy of digital content, and also relates
to an apparatus implementing this system.

Background Art 

In the information-oriented society of today, a database system has
become widespread in which various data values that have so far been
stored independently in each computer are mutually used by connecting
the computers by communication lines.

The information handled so far by the database system is classical
coded information which can be processed by a computer and has a small
amount of information, or monochrome binary data like facsimile data at
most. Therefore, the database system has not been able to handle data
with an extremely large amount of information such as a natural picture
and a motion picture.

However, as the digital processing technique for various electric
signals develops, development of the digital processing art has shown
progress for a picture signal other than binary data, which has been
handled only as an analog signal.

By digitizing the above picture signal, a picture signal such as a
television signal can be handled by a computer. Therefore, a
"multimedia system" for handling various data handled by a computer and
picture data obtained by digitizing a picture signal at the same time
is noticed as a future technique.

Because hitherto widely-spread analog content is deteriorated in
quality whenever storing, copying, editing, or transmitting it,
copyright issues associated with the above operations have not been a
large problem. However, because digital content is not deteriorated in
quality after repeatedly storing, copying, editing, or transmitting it,
the control of copyrights associated with the above operations is a
large problem.

Because there has hitherto been no exact method for handling a
copyright for digital content, the copyright is handled by the
copyright law or relevant contracts. Even in the copyright law,
compensation money for a digital-type sound or picture recorder is only
systematized.

Use of a database includes not only referring to the contents of the
database but also normally effectively using the database by storing,
copying, or editing obtained digital content. Moreover, it is possible
to transmit edited digital content to another person on-line by a
communication line or off-line by a proper recording medium.
Furthermore, it is possible to transmit the edited digital content to
the database to enter it as new digital content.

In an existing database system, only character data is handled. In a
multimedia system, however, audio data and picture data which are
originally analog content are digitized to a digital content and formed
into a database in addition to the data such as characters which have
been formed into a database so far.

Under the above situation, how to handle a copyright of digital content
formed into a database is a large problem. However, there has not been
adequate copyright management means for solving the problem so far,
particularly copyright management means completed for secondary
utilization of the digital content such as copying, editing, or
transmitting of the digital content.

Although digital content referred to as software with advertisement or
as freeware is, generally, available free of charge, it is copyrighted
and its use may be restricted by the copyright depending on the way of
use.

In view of the above, the inventor of the present invention has made
various proposals thus far in order to protect a copyright of the
digital content. In GB 2269302 and U.S. Patent 5,504,933, the inventor
has proposed a system for executing copyright management by obtaining a
permit key from a key management center through a public telephone
line, and has also proposed an apparatus for that purpose in GB
2272822. Furthermore, in EP 677949 and in EP 704785, a system has been
proposed for managing the copyright of the digital content.

In these systems and apparatus, those who wish to view encrypted
programs send a request to view a program, using a communication
device, to a management center via a communication line, and the
management center transmits a permit key in response to the request for
viewing, and charges and collects a fee.

Upon receipt of the permit key, those who wish to view the program send
the permit key to a receiver either by an on-line or an off-line means,
and the receiver, which has received the permit key, decrypts the
encrypted program according to the permit key.

The system described in EP 677949 uses a program and copyright
information to manage a copyright, in addition to a key for permitting
usage, in order to execute the management of the copyright in
displaying (including process to sound), storing, copying, editing, and
transmitting of the digital content in a database system, including the
real time transmission of digital picture content. The digital content
management program for managing the copyright watches and manages so as
to prevent the digital content from being used outside the conditions
of the user's request or permission.

Furthermore, EP 677949 discloses that the digital content is supplied
from a database in an encrypted state, and is decrypted only when
displayed and edited by the digital content management program, while
the digital content is encrypted again when stored, copied or
transmitted. It is also described that the digital content management
program itself is encrypted and is decrypted by the permit key, and
that the decrypted digital content management program performs
decryption and encryption of the digital content, and when usage other
than storing and displaying of the digital content is executed, the
copyright information is stored as a history, in addition to the
original copyright information.

In U.S. Patent Application No. 08/549,270 and EP 0715241 relating to
the present application, there is proposed an apparatus for
decryption/re-encryption having the configuration of a board, PCMCIA
card or an IC card for managing the copyright, and a system for
depositing a crypt key. Also, a reference is made to applying the
copyright management method to a video conference system and an
electronic commerce system.

In U.S. Patent Application No. 08/549,271 and EP 709760, a system has
been proposed wherein the protection of an original digital content
copyright and an edited digital content copyright, in case of the
edited digital content using a plurality of digital contents, is
carried out by confirming the validity of a usage request according to
a digital signature on an edit program by combining a secret-key
cryptosystem and a public-key cryptosystem.

In U.S. Patent Application No. 08/573,958 and EP 719045, various forms
have been proposed for applying the digital content management system
to database and video-on-demand (VOD) systems or an electronic
commerce.

In U.S. Patent Application No. 08/563,463 and EP 746126, a system has
been proposed in which copyrights on an original digital content and a
new digital content are protected by using a third crypt key and a
copyright label in case of using and editing a plurality of digital
contents.

As can be understood from the digital content management systems and
the digital content management apparatus which have been proposed by
the inventor of the present invention, described above, the management
of a digital content copyright can be realized by restricting
encryption/decryption/re-encryption and the form of the usage by using
the copyright management program. The cryptography technology and the
usage restriction thereof can be realized by using a computer.

In order to use the computer efficiently, an operating system (OS) is
used which supervises the overall operation of the computer. The
conventional operating system used on a personal computer or the like
is constituted of a kernel for handling basic services such as memory
control, task control, interruption, and communication between
processes, and OS services for handling other services.

However, improvement in the functions of the OS which supervises the
overall operation of computers is now being demanded as circumstances
change on the computer side, such as improved capability of
microprocessors and a decreased price of RAM (Random Access Memory)
used as a main memory, and as improvement in the performance capability
of computers is required by users. As a consequence, the scale of an OS
has become comparatively larger than before. Since such an enlarged OS
itself occupies a large space in the hard disk in which the OS is
stored, the space for storing the application programs or data needed
by the user is liable to be insufficient, with the result that the
usage convenience of the computer becomes unfavorable.

In order to cope with such a situation, in the latest OS, an
environmental sub-system for performing emulation of other OS and
graphics displaying, and a core sub-system such as a security
sub-system, are removed from the kernel as a sub-system that is a part
that depends on the user. The basic parts, such as a HAL (hardware
abstraction layer) for absorbing differences in hardware, a scheduling
function, an interruption function, and an I/O control function, form a
micro-kernel, and a system service API (Application Programming
Interface) is interposed between the sub-system and the micro-kernel,
thereby constituting the OS.

By doing so, extension of the OS by change or addition of functions
will be improved, and portability of the OS can be facilitated
corresponding to the applications. By a distributed arrangement for
elements of the micro-kernel to a plurality of network computers, the
distributed OS can also be realized without difficulty.

Computers are used in computer peripheral units, various control units,
and communication devices in addition to the personal computers
represented by the desktop type or notebook type computers. In such a
case, as an OS unique for embedding, applicable to each of the devices,
a real time OS is adopted in which execution speed is emphasized,
unlike a general-purpose personal computer OS, in which the man-machine
interface is emphasized.

Naturally, the development cost for a respective OS unique to each
embedded device will be high. It has recently been proposed, therefore,
that a general-purpose OS for personal computers be used instead as a
real-time OS for embedding. By arranging a specified program for
embedding in a sub-system combined with the micro-kernel, a real-time
OS for embedding can be obtained.

As the major functions of an OS, there is task control such as
scheduling, interruption processing, and the like. With respect to task
control, there are two kinds of OS's: the single-task type, in which
only one task is executed at the same time, and the multi-task type, in
which a plurality of task processes are executed at the same time. The
multi-task type is further classified into two kinds: one multi-task
type in which the changing of tasks depends on the task to be executed,
and the other multi-task type in which the changing does not depend on
the task to be executed.

Among the aforementioned types, the single-task type assigns one
process to a CPU (central processing unit) and the CPU is not released
until the process comes to an end. A non-preemptive multi-task type
performs time-division for the CPU, and the CPU can be assigned to a
plurality of processes; as long as the process which is being executed
does not give control back to the OS, other processes are not executed.
A preemptive multi-task type interrupts the process which is being
executed during a certain time interval and thereby forcibly moves the
control to another process. Consequently, real time multi-task is
available only in the case of the preemptive type.

Task control in a computer is performed according to processes, being
units having system resources such as a memory and a file. Process
control is performed according to a thread, being a unit to which CPU
time is assigned, into which the process is minutely divided.
Incidentally, in this case, the system resources are shared by all the
threads in the same process. More than one thread, therefore, may exist
which shares the system resources in one process.

Each task which is processed by the multi-task type has a priority
spectrum, which is generally divided into 32 classes. In such a case, a
normal task without interruption is classified into dynamic classes
which are divided into 0 to 15 classes, while a task performing
interruption is classified into real-time classes divided into 16 to 31
classes.

Interruption processing is carried out using interruption enabling time
(generally, 10 ms) referred to as a time slice, as one unit. A normal
interruption is carried out during a time slice of 10 ms. In such a
situation, a time slice has recently been proposed wherein the
interruption enabling time is set to 100 µs. When such a real time
slice is used, an interruption can be carried out with greater priority
than the conventional 10 ms.

SUMMARY OF THE INVENTION

In the present application, there is proposed a digital content
management apparatus which further embodies a digital content
management apparatus which can be used with the user terminal proposed
in EP 704785, for managing a digital content, specifically, a copyright
of the digital content claiming the copyright. There is also proposed a
system to which the idea applied to the digital content management
apparatus is further applied for secrecy protection of the digital
content.

In the present application, a system for watching the illegitimate
usage of the digital content and an apparatus therefor are proposed.
These system and apparatus are a real time operating system using a
micro-kernel, and are incorporated in the digital content management
apparatus as an interruption process having a high priority, or are
arranged in a network system using the digital content. Whether or not
there is an illegitimate usage is watched by interrupting the use
process when a user utilizes the digital content. In the case where
illegitimate usage is performed, a warning is given or the usage is
stopped.

Furthermore, in the present application, decryption/re-encryption
functions in the digital content management apparatus having the
decryption/re-encryption functions are not restricted within the user
apparatus but are provided in a gateway or a node between the networks,
so that the exchange of secret information is secured between different
networks.

By using the apparatus according to the present invention for the
conversion of crypt algorithm, information exchange can be made
possible between systems which adopt different crypt algorithms.

BRIEF DESCRIPTION OF THE DRAWINGS 

Figure 1 is a structural view of a digital content management system to
which the present invention is applied.

Figure 2 is a structural view of a digital content management apparatus
to which the present invention is applied.

Figure 3 is a structural view of another digital content management
apparatus to which the present invention is applied.

Figure 4 is a structural view of a system for watching the digital
content usage according to the present invention.

Figure 5 is a structural view of a system for protecting digital
content secrecy according to the present invention.

DETAILED DESCRIPTION OF THE INVENTION

The description of the preferred embodiments according to the present
invention is given below referring to the accompanying drawings.

Figure 1 shows a structure of the digital content management system to
which the present application applies.

In this digital content management system illustrated in Figure 1,
reference numerals 1, 2 and 3 represent databases storing text data,
binary data of a computer graphics screen or a computer program, and
digital content of sound or picture data, which are not encrypted. 9
represents a communication network constituted by using a public
telephone line offered by a communication enterprise or a CATV line
offered by a cable television enterprise. 4 represents a primary user
terminal, 5 represents a secondary user terminal, 6 represents a
tertiary user terminal, 7 represents an n-order user terminal, and 8
represents a digital content management center.

In the above arrangement, the databases 1, 2, 3, the digital content
management center 8, primary user terminal 4, secondary user terminal
5, tertiary user terminal 6, and n-order user terminal 7 are connected
to the communication network 9.

In this figure, a path shown by a broken line represents a path for
transferring encrypted digital content, a path shown by a solid line
represents a path for transferring requests from each of the user
terminals 4, 5, 6, 7 to the digital content management center 8 and
databases 1, 2, 3, and a path shown by a one-dot chain line represents
a path through which a permit key corresponding to a usage request, a
digital content management program and a crypt key are transferred from
each of the databases 1, 2, 3 and the digital content management center
8 to each of the user terminals 4, 5, 6, 7.

This digital content management system employs a first public-key Kb1,
a first private-key Kv1 corresponding to the first public-key Kb1, a
second public-key Kb2, and a second private-key Kv2 corresponding to
the second public-key Kb2 that are prepared by the user, and a first
secret-key Ks1 and a second secret-key Ks2 prepared by the database.
The database encrypts digital content M by using the first secret-key
Ks1:

    Cmks1 = E(Ks1, M),

and further encrypts the first secret-key Ks1 by the first public-key
Kb1:

    Cks1kb1 = E(Kb1, Ks1)

and the second secret-key Ks2 by the second public-key Kb2:

    Cks2kb2 = E(Kb2, Ks2).

The database then transfers these encrypted digital content Cmks1, the
first and the second secret-key Cks1kb1 and Cks2kb2 to the user.

The user decrypts the encrypted first secret-key Cks1kb1 using the
first private-key Kv1:

    Ks1 = D(Kv1, Cks1kb1),

and decrypts the encrypted digital content Cmks1 by the decrypted first
secret-key Ks1:

    M = D(Ks1, Cmks1)

and uses it. The user decrypts encrypted second secret-key Cks2kb2 by
the second private-key Kv2:

    Ks2 = D(Kv2, Cks2kb2),

which is subsequently used after decryption as a crypt key for storing,
copying, or transferring digital content.
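
The key exchange above, worked through as an added example (not code
from the patent). The page names no algorithms, so an HMAC-SHA256
keystream stands in for E/D with a secret-key and unpadded textbook RSA
over constructed Mersenne-prime moduli stands in for E/D with a
public/private-key; the function names and the refusal of any operation
other than display, edit, store, copy or transfer are assumptions.

```python
# Added illustration of the Ks1/Ks2, Kb/Kv flow; stand-in primitives only,
# chosen to run on the standard library. Not production cryptography.
import hashlib
import hmac
import secrets

E_PUB = 65537  # public exponent for the toy RSA stand-in

def make_keypair(p, q):
    """Return (Kb, Kv) as (exponent, modulus) pairs built from primes p, q."""
    n = p * q
    d = pow(E_PUB, -1, (p - 1) * (q - 1))
    return (E_PUB, n), (d, n)

# Constructed key pairs (Mersenne primes); prepared by the user in the text.
KB1, KV1 = make_keypair(2**127 - 1, 2**89 - 1)
KB2, KV2 = make_keypair(2**107 - 1, 2**61 - 1)

def pk_encrypt(kb, secret_key):
    """E(Kb, Ks): wrap a 16-byte secret-key under a public-key."""
    e, n = kb
    return pow(int.from_bytes(secret_key, "big"), e, n)

def pk_decrypt(kv, wrapped):
    """D(Kv, C): recover the 16-byte secret-key with the private-key."""
    d, n = kv
    return pow(wrapped, d, n).to_bytes(16, "big")

def _keystream(key, nonce, length):
    out, counter = b"", 0
    while len(out) < length:
        block = nonce + counter.to_bytes(8, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]

def sym_encrypt(ks, message):
    """E(Ks, M): fresh nonce followed by M xor keystream."""
    nonce = secrets.token_bytes(16)
    stream = _keystream(ks, nonce, len(message))
    return nonce + bytes(a ^ b for a, b in zip(message, stream))

def sym_decrypt(ks, blob):
    """D(Ks, C): inverse of sym_encrypt."""
    nonce, body = blob[:16], blob[16:]
    stream = _keystream(ks, nonce, len(body))
    return bytes(a ^ b for a, b in zip(body, stream))

def database_supply(content, kb1, kb2):
    """Database side: produce Cmks1, Cks1kb1 and Cks2kb2 for one user."""
    ks1 = secrets.token_bytes(16)
    ks2 = secrets.token_bytes(16)
    return {
        "Cmks1": sym_encrypt(ks1, content),
        "Cks1kb1": pk_encrypt(kb1, ks1),
        "Cks2kb2": pk_encrypt(kb2, ks2),
    }

PLAINTEXT_USES = {"display", "edit"}
REENCRYPTED_USES = {"store", "copy", "transfer"}

def use_content(package, kv1, kv2, operation):
    """User side: plaintext only for display/edit, E(Ks2, M) otherwise."""
    if operation not in PLAINTEXT_USES | REENCRYPTED_USES:
        # Assumption of this example: anything else is refused outright.
        raise PermissionError("operation not permitted: " + operation)
    ks1 = pk_decrypt(kv1, package["Cks1kb1"])
    content = sym_decrypt(ks1, package["Cmks1"])
    if operation in PLAINTEXT_USES:
        return content
    ks2 = pk_decrypt(kv2, package["Cks2kb2"])
    return sym_encrypt(ks2, content)

SAMPLE = b"constructed sample digital content M"

if __name__ == "__main__":
    pkg = database_supply(SAMPLE, KB1, KB2)
    print("display:", use_content(pkg, KV1, KV2, "display"))
    print("store  :", use_content(pkg, KV1, KV2, "store").hex())
```

Content leaves the user-side program in the clear only for display and
edit; anything written out is under Ks2, so a stored or forwarded copy
is useless without the second private-key Kv2.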

If the primary user 4 copies digital content obtained and then supplies
it to the secondary user 5, the digital content does not involve the
copyright of the primary user 4 because no modifications have been made
to the digital content. If, however, the primary user 4 produces new
digital content based on the digital content obtained or using a means
for combining with other digital content, the new digital content
involves a secondary copyright for the primary user 4, and the primary
user 4 has the original copyright for this secondary work.

Similarly, if the secondary user 5 produces further new digital content
based on the digital content obtained from the primary user 4 or using
a means of combining with other digital content, the new digital
content involves a secondary copyright for the secondary user 5, and
the secondary user 5 has the original copyright of this secondary work.

Databases 1, 2, and 3 store text data, binary data constituting
computer graphics screens or programs, and digital content such as
digital audio data and digital picture data, which are to be encrypted
and supplied to the primary user terminal 4 via network 9 during a
digital content read operation in response to a request from the
primary user terminal 4.

Managing the digital content obtained from the database is carried out
by the method described in Japanese Patent Laid-open No. 185448/1998 or
in Japanese Patent Laid-Open No. 287014/1996, which have been proposed
by the present inventor.

Recently, a PCI (Peripheral Component Interconnect) bus has attracted
attention as means for implementing a multiprocessor configuration in a
typical personal computer. The PCI bus is a bus for external connection
connected to a system bus of a computer via a PCI bridge, and allows a
multiprocessor configuration to be implemented.

The digital content includes graphics data, computer programs, digital
audio data, still picture data by JPEG and also moving picture data by
MPEG 1 or MPEG 2, in addition to character data. In case that the
digital content to be managed is moving picture data by JPEG still
picture system or moving picture data by MPEG 1 or MPEG 2, which has a
remarkably large amount of data with high speed, managing the digital
content by a single processor is difficult.

Figure 2 is a block diagram illustrating an arrangement of a digital
content management apparatus used for managing the above digital
content in the digital content management system shown in Figure 1.

The digital content management apparatus comprises a first digital
content management apparatus 12 connected to a user terminal 11 and a
second digital content management apparatus 13.

The first digital content management apparatus 12 has a computer
configuration having a MPU (Micro-Processor Unit) 24, a local bus 25 of
MPU 24, ROM (Read-Only Memory) 26 connected to the local bus 25, RAM 27
and EEPROM (Electrically Erasable Programmable Read-Only Memory) 31.

A PCI bus 23 is connected to a system bus 15 for a microprocessor 14 of
the user terminal 11 via a PCI bridge 22, and the local bus 25 for the
MPU 24 of the digital content management apparatus 12 and also a local
bus 30 for MPU 29 of the digital content management apparatus 13 are
connected to the PCI bus 23. Also connected to the system bus 15 of the
user terminal 11 are a communications device (COMM) 21 which receives
digital content from external databases and transfers digital content
to the external of the terminal, a CD-ROM drive (CDRD) 20 which reads
digital content supplied on CD-ROM, a flexible disk drive (FDD) 19
which copies received or edited digital content in a flexible disk to
supply to the external of terminal, and hard disk drive (HDD) 18 used
for storing digital content. COMM 21, CDRD 20, FDD 19, and HDD 18 may
also be connected to the PCI bus 23. While ROM, RAM etc., of course,
are connected to the system bus 15 of the user terminal, these are not
shown in Figure 2.

The decryption and re-encryption operations are performed by either of
the MPU 24 of the first digital content management apparatus 12 and the
MPU 29 of the second digital content management apparatus 13, i.e., one
performs decryption and the other performs re-encryption at the same
time. Since the configuration of the MPU 24 and MPU 29 in Figure 2 is a
multiprocessor configuration which performs parallel processing with a
PCI bus 23, high processing speed can be achieved.

In the digital content management apparatus shown in Figure 2, the
storage device, such as HDD 18, for storing re-encrypted digital
content is connected to the system bus 15 of the user terminal 11. In
order to store re-encrypted digital content, therefore, the encrypted
digital content must be transferred by way of the system bus 15 of the
user terminal 11 and the local bus 25 or 30 of the digital content
management apparatus 12 or 13, and consequently, processing speed can
be slowed.

In the digital content management apparatus shown in Figure 3, a
communications device COMM and a CD-ROM drive CDRD are connected to a
local bus of a digital content management apparatus for decryption, and
a storage device such as HDD for storing re-encrypted digital content
is connected to the local bus of a digital content management apparatus
for re-encryption.

The digital content management apparatus 35 for decryption has the
computer system configuration having a MPU 37, a local bus 38 for the
MPU 37, and ROM 39, RAM 40 and EEPROM 41 connected to the local bus 38,
and a communication device COMM 42 and a CD-ROM drive CDRD 43 are
connected to the local bus 38. The encrypted digital content supplied
from the communication device COMM 42 and the CD-ROM drive CDRD 43 is
decrypted in this apparatus.

The digital content management apparatus 36 for re-encryption has the
computer system configuration having a MPU 44, a local bus 45 for the
MPU 44, and ROM 46, RAM 47 and EEPROM 48 connected to the local bus 45,
and HDD 39 is connected to the local bus 45. The digital content which
has been re-encrypted in the digital content management apparatus 36
for re-encryption is stored in HDD 39.

In the protection of a digital content copyright, the greatest issue is
how to prevent illegitimate usage of the digital content on the user
side apparatus. Decryption/re-encryption and restriction on usage are
carried out by a digital content management program for this purpose.

However, since decryption/re-encryption of the digital content whose
copyright is to be protected is performed using an apparatus on the
user side, it is virtually impossible to expect that processing of the
decryption/re-encryption and the management of the crypt key which is
used for the purpose will be complete. There is a possibility that the
digital content will be illegitimately stored, copied, transmitted and
edited by invalidating the digital content management program.

In order to restrict such illegitimate usage, it is required that a
digital content management program for decryption/re-encryption of the
digital content, and for managing the crypt key, cannot be altered by
the user. For this purpose, incorporation of the digital content
management program into the hardware is the most secure method.

For example, there is a configuration in which a dedicated scramble
decoder is currently used for descrambling scrambled broadcast programs
in analog television broadcast, so that decryption/re-encryption of the
digital content and management of the crypt key are available only by
using a dedicated digital content management apparatus.

Although such a configuration is reliable, the system structure is
lacking in flexibility. When the apparatus on the user side is changed,
or the digital content management program is changed, it is very hard
for the user to respond to such changes. In case of a network computer,
on which attention has recently been focused, since the network
computer does not have a function for storing the digital content
management program, it would be impossible to realize the digital
content management program in the hardware.

In order to correspond with flexibility to a case where the apparatus
on the user side changes, or a case where the digital content
management program is changed, it is desirable for the digital content
management program to be software. However, there is a possibility that
the digital content management program is altered as long as the
digital content management program is an application program.

For the digital content management program being software, the digital
content management program is required to be incorporated in a kernel
that is a fixed area in OS and cannot be altered by the user. However,
it is not practical for the digital content management program to be
incorporated in the fixed area of the kernel, where the digital content
management system and the cryptosystem are differentiated between the
databases.

As described above, some real time OS can perform interruption in real
time slice time which is one or two figures faster than the time slice
of the system in another OS that includes kernel area. By using this
technology, the usage status of the digital content which is claiming
the copyright is watched without affecting the overall operation. And
if an illegitimate usage is found, it is possible to give a warning or
to forcibly stop the usage thereof.

Next, a method for reinforcing a digital content man- 
agement program by using a real time OS is described. 

The digital content management apparatus shown 10 
in Figure 2 has a multi- processor structure in which a 
first digital content management apparatus 12 and a 
second digital content management apparatus 13 are 
connected to an apparatus on the user side via a PCI 
bus. The decryption operation of the first digital content is 
management apparatus 12 and re-encryption operation 
of the second digital content management apparatus 1 3 
are controlled by the digital content nnanagement pro- 
gram in the user terminal 1 1 . 

The digital content management program of the ^ 
user terminal 11 also manages the operations of the 
communication device 21, the CD-ROM drive 20, the 
flexible disk drive 19 and the hard disk drive 18, which 
manages loading or downloading of enaypted digital 
content, and storing into the hard disk drive 1 8, copying 25 
to the flexible disk drive 1 9 and uploading to the commu- 
nication device 21 of re-encrypted digital content. 

Since illegitimate usage of the digital content is
carried out by unauthorized editing, unauthorized storing,
unauthorized copying or unauthorized uploading of the
decrypted digital content, whether the illegitimate usage
has been carried out or not can be detected by whether
editing, storing, copying or uploading of the decrypted
digital content is performed or not. As a consequence,
the process for watching the illegitimate usage
interrupts a digital content use process which is being
executed in a certain time interval, while interrupting by a
preemptive type multi-task which forcibly carries out
watching of the process.

The multi-task time slice normally carried out is
10 ms, and the decryption/re-encryption process is
carried out in this time unit. On the other hand, the fastest
real time slice is 100 µs, which is 1/100 of the normal
time unit. Consequently, the watching task, which has
high interruption priority, can watch the digital content
as to whether the decrypted digital content is being
edited, stored, copied or uploaded, so that the usage
status of the digital content for which the copyright is
claimed can be watched without affecting regular usage
by the user, and if illegitimate usage is found, a
warning can be given and usage thereof can be forcibly
stopped.

The digital content management program with such
a watching function is incorporated into a sub-system
area which is operated in the user mode in place of the
kernel of the OS, and the watching process is regarded
as a process with a high priority. By constituting the
system in this way, the usage status of the digital content by
decryption/re-encryption and also the illegitimate usage
other than the permitted usage can be watched at the
same time, and such watching can be executed
smoothly.

Since these operations are the same in the case of
the digital content management apparatus which is
shown in Figure 3, a further explanation thereof is
omitted.

Next, a structure for watching the illegitimate usage
of the digital content in the distributed OS is described
referring to Figure 4. Figure 4 illustrates a structure of a
general distributed type OS, in which servers 51 to 54
and clients 55 to 58 are connected to a network 50.

The network 50 is a restricted network such as a LAN
(Local Area Network) in an office. Each of the servers 51
to 54 stores basic OS elements of the micro-kernel,
application elements which are a sub-system, or the
digital content. In order to manage the digital content,
the digital content management program which has
been described so far is required. This digital content
management program is stored, for example, in the
server 54. And the watching program for watching the
illegitimate usage of the digital content having a high
priority for interruption is stored, for example, in the
supervisory server 51 for supervising the overall operation of
the distributed OS.

Although the terminal apparatus of the clients 55 to
58 is a simple terminal, the terminal is provided with a
copying device such as a flexible drive or the like when
necessary.

In such a structure, when the clients 55 to 58 use
the digital content which is stored in the servers 51 to
54, the clients 55 to 58 are supplied with the micro-kernel
that is the basic OS elements from each of the servers,
and are also supplied with the digital content management
program which is stored in the server 54, and thus the
digital content can be used.

The digital contents stored in the server are either
encrypted or not encrypted. In either of these cases, the
digital content is supplied in encrypted form when supplied
to the clients. Therefore, in order for the client to use the
encrypted digital content, it is necessary to obtain the
crypt key and to decrypt by the digital content
management program as has been described above.

The fact that the client uses the digital content and
the digital content management program is grasped by
the supervisory server 51. This watching process
automatically interrupts the process which is being executed
by the client at regular intervals without the client's
request, watches, and gives a warning or stops the
usage if an illegitimate usage is detected.

Since such a watching process can be completed
with a process having a small size, it has little
effect on the operation on the client side, and the
user does not notice the operation of the watching
program.

In the distributed OS, the servers and the clients
have been explained as separated. However, the
aforementioned structure may be applied when a client
machine is provided with a hard disk drive, and the
client machine also serves as the server machine. When
the network 50 is not a restricted one such as a LAN in an
office, but a non-restricted one such as the Internet system,
the aforementioned structure can be also applied.

In particular, such a structure is effective in a
network computer system. Even in the case where the user
modifies a computer not provided with a storage device,
a copying device or a communication device for
transmission, or uses a normal computer pretending to be of a
network computer system, the digital content can be
managed by remote control.

Furthermore, the structure can be applied to the
digital content management system shown in Figure 1.
In such a case, the watching program is stored in the
digital content management center 8 of Figure 1 to
regularly watch whether users illegitimately use the
encrypted digital content supplied from the database
through the network 9 by remote control.

In case the digital content is broadcast via analog
data broadcast or via digital data broadcast, the
watch program may be transferred by inserting it into the
digital content. Also, the watch program may be resident
in an apparatus of the digital content user so that
remote control is made possible by periodically
broadcasting a watch program control signal.

In the case where the digital content having a large
amount of information, such as digital picture content, is
handled in the digital content management system
which is carried out via the network, an ISDN
(Integrated System for Digital Network) line is used in many
cases as a communication line.

As the ISDN line, there are generally used two data
channels having data transmission speed of 64 Kbps
(kilo bits per second) referred to as B channels, and a
control channel having data transmission speed of 16
Kbps referred to as D channel. Naturally, the digital
content is transmitted through one or two data channels,
while the D channel is not used in many cases.

Thus, if the D channel is used for the interrupting
watching by the watch program, it would be possible to
watch the usage status by remote control without
affecting the usage of the digital content at all.

When the user uses information to which a copyright
is claimed, the real time OS is automatically linked
to the key center, and as a result it is also possible to
watch and manage the re-encryption mechanism with a
real time OS.

Further, in the case where a digital content creator
or an end user uses information to which a copyright is
claimed, a re-encryption program resident in the PC
uses the real time OS so that remote watching and
managing can be made possible.

Next, application of the digital content management
system to the prevention of the leakage of information is
described. Figure 5 illustrates a structure of the system
for preventing the leakage of information by applying
the system to an intranet system in which a LAN is
connected to the Internet system.

In Figure 5, reference numerals 60, 61, and 62
represent the network systems which are connected to
each other by public lines 63, 63. In particular, the
network system 62 is a LAN system established in an office
or the like. These network systems are connected with
each other via a public communication line or the like to
constitute an Internet system as a whole. Clients 64, 64,
64 are connected to the LAN system 62 and servers not
shown in the figure are connected in addition.

The LAN system has secret data such as business
secrets and the like therein. Since the LAN system is
connected to the outside network, the problems of the
leakage of the secret information to the outside, or of
the access to the secret information from the outside
may arise. As a consequence, although an information
partition, called a "fire-wall," is normally provided
between the LAN system and the public line, that is not
technologically perfect. Also, even in the case of the
business secret data, it may be necessary to supply the
business secret data to another party, where the
other party's network has a common interest, and in
such a case, the presence of the fire-wall becomes an
obstacle.

As has been described repeatedly, the management
of the secret data can be completely carried out
through encryption. In the case where the crypt
algorithm used in the other party network is common with
the algorithm used in one's own network, the secret
data can be shared by sending the crypt key to the other
party by some means. In the case where the crypt
algorithm used in the other party network is different from
the algorithm which is used in one's own network, such
means cannot be adopted.

In order to cope with such a problem, crypt key
conversion devices 65, 66 and 67 are arranged in place of
or together with the fire-wall in the Internet system
shown in Figure 5. These crypt key conversion devices
65, 66 and 67 have the same configuration as the digital
content management apparatus which have been
described by using Figures 2 and 3, and perform
decryption/re-encryption by two different crypt keys.

For example, the crypt algorithm conversion device
65 decrypts the data which is encrypted by a crypt
algorithm unique to the network 60 and re-encrypts the
decrypted data by a crypt algorithm which is common in
the whole Internet system. The crypt algorithm
conversion device 67 that has received the re-encrypted data
decrypts the re-encrypted data, encrypts the decrypted
data by the crypt algorithm unique to the network 62,
and supplies it to the client 64.

By doing so, it becomes possible to handle the
encrypted data between networks that adopt different
crypt algorithms. Here, there may be two cases; one is
a case in which the crypt key is not changed at all, and
the other is a case in which the crypt key is changed at
each stage.

In using databases, in a case where a data storing
server referred to as "proxy server" or "cache server" is
used, and where the digital content is encrypted, the
crypt key or crypt algorithm used between the data
server and the proxy server may be differentiated from
the crypt key or crypt algorithm used between the proxy
server and a user, and then the conversion of them is
carried out by using the crypt key conversion device or
crypt algorithm conversion device, so that the encrypted
digital content can be prevented from illegitimate usage
thereof.

The conversion of the crypt algorithm by these
devices can be effected by units of countries. Even in
the case where crypt algorithms are used which differ
from one country to another, it becomes possible to
adopt a key escrow system unique to the respective
country, or a key recovery system using the key escrow
system.

For example, the crypt key conversion device 65
decrypts an encrypted data from the network 60, and
re-encrypts the decrypted data by using the crypt key
common to the whole Internet system. The crypt key
conversion device 67 which has received the
re-encrypted data decrypts the re-encrypted data by using
the crypt key common to the whole Internet system, and
re-encrypts the decrypted data and supplies it to the
client 64. By doing this, the problem of sending the crypt
key is alleviated.

These crypt key conversion devices 65, 66 and 67
can be arranged in a gateway or a node which is used
as a connection between networks. Further, even in a
closed network system other than the Internet which is
a liberated system, this system functions efficiently in
such cases where individual information such as
reliability information, medical information or the like is
handled, and where access to the data needs to differ
by level.

These crypt key conversion devices also can be
used so as to convert the crypt algorithm. There are a
plurality of crypt algorithms which are currently used or
proposed. In the worst case, a plurality of networks
using different crypt algorithms respectively coexist,
and thus compatibility is lost, which becomes an
obstacle to the development of the information oriented
society. Even if a new effective crypt algorithm is developed,
if it is not compatible with the existing crypt
algorithm, an obstacle to the development of the information
oriented society may similarly be brought.

In order to cope with such problems, the crypt
algorithm can be converted by arranging the crypt key
conversion devices 65, 66 and 67 of Figure 5 in the gateway
or in the node. These crypt algorithm conversion
devices decrypt the encrypted data to be re-encrypted
with a different crypt algorithm.
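The conversion chain described above (device 65 converting from the algorithm unique to network 60 to the common algorithm, device 67 converting to the algorithm unique to network 62, with the crypt key either unchanged or changed at each stage), as an added example that is not part of the patent text. The three "algorithms" are constructed stand-ins built from standard-library hash functions, and all names (`seal`, `unseal`, `ConversionDevice`, `relay`) are hypothetical.

```python
import hashlib
import hmac
import os

# Three stand-in "crypt algorithms" (constructed for illustration, not vetted
# ciphers): each is a keyed PRF run in counter mode to produce a keystream.
PRFS = {
    "net60": lambda k, m: hmac.new(k, m, hashlib.sha256).digest(),
    "common": lambda k, m: hashlib.blake2b(m, key=k, digest_size=32).digest(),
    "net62": lambda k, m: hmac.new(k, m, hashlib.sha512).digest(),
}

def _subkey(key, label):
    # Separate encryption and authentication keys derived from one crypt key.
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(alg, key, nonce, data):
    prf, enc_key, stream, ctr = PRFS[alg], _subkey(key, b"enc"), b"", 0
    while len(stream) < len(data):
        stream += prf(enc_key, nonce + ctr.to_bytes(8, "big"))
        ctr += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def _tag(alg, key, nonce, ct):
    # The tag binds the algorithm name, so a blob cannot be replayed as another algorithm's.
    mac_key = _subkey(key, b"mac")
    return hmac.new(mac_key, alg.encode() + nonce + ct, hashlib.sha256).digest()

def seal(alg, key, plaintext):
    nonce = os.urandom(16)
    ct = _xor_stream(alg, key, nonce, plaintext)
    return nonce + ct + _tag(alg, key, nonce, ct)

def unseal(alg, key, blob):
    if len(blob) < 48:
        raise ValueError("blob too short")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _tag(alg, key, nonce, ct)):
        raise ValueError("authentication failed: wrong key, algorithm or tampering")
    return _xor_stream(alg, key, nonce, ct)

class ConversionDevice:
    """Gateway that decrypts under one algorithm/key and re-encrypts under another."""
    def __init__(self, in_alg, in_key, out_alg, out_key):
        self.inbound, self.outbound = (in_alg, in_key), (out_alg, out_key)

    def convert(self, blob):
        plaintext = unseal(*self.inbound, blob)  # cleartext exists only inside the device
        return seal(*self.outbound, plaintext)

def relay(message, k60, k_common, k62):
    """Network 60 -> device 65 -> common algorithm -> device 67 -> client 64."""
    dev65 = ConversionDevice("net60", k60, "common", k_common)
    dev67 = ConversionDevice("common", k_common, "net62", k62)
    in_transit = dev65.convert(seal("net60", k60, message))
    delivered = dev67.convert(in_transit)
    return in_transit, delivered, unseal("net62", k62, delivered)
```

Because `convert` holds the cleartext and both crypt keys, each conversion device is the point whose compromise exposes everything that crosses it.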


Claims 

1. A digital content management system which uses a
digital content for managing digital content
copyrights having:

a server in which a watch program with high
interruption priority is stored, and being
constituted as a real time operating system using a
micro-kernel, in a network.

2. A digital content management apparatus used via a
user terminal which uses a digital content for
managing digital content copyrights, comprising:

said digital content management apparatus
comprising a microprocessor, a microprocessor
bus, a read-only semiconductor memory,
an electrically erasable and programmable
read-only memory, and a read/write memory,
wherein:

said microprocessor, said read-only
semiconductor memory, said electrically erasable and
programmable read-only memory and said
read/write memory are connected to said
microprocessor bus, and a system bus of said
user terminal is capable of being connected to
said microprocessor bus;

a digital content management system program,
a crypt algorithm, and a watch program which
is a micro-kernel type real time operating
system are stored in said read-only semiconductor
memory; and

a first public-key, a first private-key, a second
public-key, a second private-key, a digital
content management program, a first secret-key, a
second secret-key and copyright information
are stored in said electronically erasable and
programmable read-only memory.

3. A digital content management system which
protects the secrets of a digital content in a network
having a decryption/re-encryption apparatus
between networks.

4. A digital content management apparatus which
protects the secrets of a digital content in a network
comprising:

said digital content management apparatus
comprising a microprocessor, a microprocessor
bus, a read-only semiconductor memory,
an electrically erasable and programmable
read-only memory and a read/write memory,
wherein

said microprocessor, said read-only
semiconductor memory, said electrically erasable and
programmable read-only memory and said
read/write memory are connected to said
microprocessor bus, and a system bus of the
user terminal is capable of being connected to
said microprocessor bus;

a digital content management system program,
a crypt algorithm, and a watching program
which is a micro-kernel type real time operating
system are stored in said read-only
semiconductor memory; and

a first public-key, a first private-key, a second
public-key, a second private-key, a digital
content management program and a first
secret-key, a second secret-key and copyright
information are stored in said electrically erasable
and programmable read-only memory.

5. A digital content management apparatus according
to claim 2 or 4, which is configured in the form of an
IC chip.

6. A digital content management apparatus according
to claim 2 or 4, which is configured in the form of an
IC card.

7. A digital contents management apparatus according
to claim 2 or 4, which is configured in the form of
a PC card.

8. A digital contents management apparatus according
to claim 2 or 4, which is configured in the form of
an inserted board.

Fig. 2

Fig. 3 (block diagram; labels recoverable from the figure: FDD, MPU, SYSTEM BUS, ROM, RAM, PCI BRIDGE)

EP0880088A2

Fig. 4